Did a software system intended to prevent Boeing's new Max aircraft from stalling cause two fatal crashes?

No, believes a researcher at Rensselaer Polytechnic Institute in Troy.

The Maneuvering Characteristics Augmentation System — or MCAS — "may have been working correctly," said Carlos Varela, a licensed pilot and associate professor of computer science at Rensselaer.

Rather, it was the data being fed to it that investigators believe was in error.

"Trying to fix a system that is not broken might not be the right thing to do." Instead, says Varela, you can use other available pieces of data and established relationships to detect a sensor that may be providing faulty information.

The MCAS system has drawn scrutiny following the crashes of two brand new Boeing 737 Max 8 jets, a Lion Air flight in Indonesia last October, and an Ethiopian Airlines flight this month. Both occurred just minutes after take-off, as pilots fought to stabilize their aircraft.

MCAS is designed to compensate for a stall, including pushing the aircraft nose down to gain speed and lift. Investigators suspect a faulty sensor may have fed MCAS incorrect data.

Also, Boeing hooked only one sensor at a time to MCAS, instead of the two that were available, creating a single point for failure.

Varela and his students are developing a computer system that would recognize when a sensor or even multiple sensors have failed.

In a basement laboratory on the Rensselaer campus, Varela and his students explore the relationship between various data streams to detect whether one might be producing incorrect data.

The validity of angle of attack sensors, which are suspected in the two recent Max 8 crashes, could have been determined by analyzing their relationship to thrust and airspeed.

Sometimes, several sensors — such as the three pilot tubes on an Air France jet that plunged into the ocean in 2009 — can fail. In the Air France case, each apparently had filled with ice, blocking an accurate reading of airspeed. Instead, it reported the aircraft had slowed dramatically. The autopilot disengaged and the pilots subsequently stalled the aircraft. In this case, a system such as MCAS could actually have prevented the stall.

The icing lasted just 40 seconds, according to a 2014 report in Science Daily that discussed Varela's work. But by the time the pitot tubes were working again, the aircraft was descending at 10,000 feet per minute, and the pilots couldn't save it.

Varela's team fed the Air France black box data into a program it created that immediately picked up on the errant pitot tube data, by validating it against groundspeed and windspeed data available from onboard GPS instruments and weather reports.

In the case of Lion Air, an angle of attack sensor apparently produced errant data that triggered the MCAS, which forced the nose down.

An angle of attack sensor that's in error could be cross-checked with airspeed. Everything else being constant, particularly thrust, different angles of attack will lead to particular airspeeds.

"Our PILOTS program detects and corrects system failures," said Shigeru Imai, a postdoctoral student in computer science.

Varela says the angle of attack indicator can be checked using the plane's airspeed, which itself can be checked against ground speed and wind speed.

In a recently funded project by the Air Force Office of Scientific Research, under the Dynamic Data Driven Application Systems (DDDAS) program, Varela and Rensselaer aerospace engineer, Fotis Kopsaftopoulos, have been awarded a three-year $655,964 grant to study the notion of "safety envelopes".

Safety envelopes are to formally specify under which conditions, a flight system is guaranteed to behave correctly. For example, the proposed analytical redundancy enhancement to MCAS could be verified to be correct under the assumption that both the angle of attack sensors and the airspeed sensors do not simultaneously fail.

Other variables may eventually be added in an effort to create an "Internet of airplanes."

Much like the Internet of Things with machinery, this network would share data across aircraft in a dynamic and changing flight environment, seeking to boost both safety and the efficiency of each flight.

Varela and another Rensselaer computer scientist, Stacy Patterson, have been awarded a $325,000, three-year National Science Foundation grant to develop a prototype "Virtual Sky" platform that would quickly and reliably analyze flight data.

In one corner of the basement lab, a sketch describes the creation of an "Emergency Trajectory Generator for Fixed-Wing Aircraft," basically a plot of how an aircraft might perform if its engines failed, and how to bring it down safely.

A real-life example is that of Capt. Chesley Sullenberger, who successfully glided his Airbus flight to an emergency water landing in the Hudson River after losing engine power when the plane struck a flock of geese after takeoff.

Sullenberger would have had only seconds to decide whether to risk returning to LaGuardia Airport. In the end, he chose the Hudson.

The software would provide another tool, should another such a situation occur.

He mentions computers that can beat human players in chess and the game show "Jeopardy!"

"Within seconds you can do a lot of things," he said, citing the trajectory mapping above that takes just 50 milliseconds to create a safe path to the ground. This wind-aware algorithm is being used as a reference implementation by a NASA team for potential use on UAVs.